DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 26th June 2008
Seb74 Seb74 is offline
Port Guard
 
Join Date: Jun 2008
Posts: 20
Thanked 0 Times in 0 Posts
Default How to make it work with VLAN-trunking?

Do I need to enable some vlan-interface on my OpenBSD machine for it to act as a client, with specific settings and stuff, or can I just activate 802.1q on the switch and assign different ports to different vlans, configuring the ip-addresses accordingly, and it'll just plain work?

If my onboard 100Mb NIC understands those tags at all that is...dont know how to check, its onboard on a Via Mini-ITX.

EDIT: Or probably I can just set the switch to strip the tags before sending the frames out the port directly to the client.....right?
They only do good if being send through another hub/switch where the tag needs to remain.
That way the NIC wont have to care a bit about VLAN's, or even know they exist. Right?

Last edited by Seb74; 26th June 2008 at 11:19 AM.
Reply With Quote
  #2   (View Single Post)  
Old 27th June 2008
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

Assigning a VLAN to ports in a switch and tagging frames coming over a particular port on a switch are two different things. The switchport the OBSD box connects on can belong to a single VLAN that has an assigned ID but not have any knowledge of that VLAN ID itself. Only if the OBSD box needs to talk to other hosts off the switch within their specific L2 domains (as opposed to talking to them via the local router) will you need to enable trunking on both the switchport that the OBSD box connects on and the NIC of the OBSD box itself. That's where trunking of the ports becomes necessary- when the OBSd box will be communicating directly with multiple VLANs instead of routing that traffic via the local router.

If I'm not mistaken setting trunking on the OBSD box isn't dependent on the specific NIC on the OBSD box, it's done in the OS of the OBSD box itself (as long as the NIC supports trunking, which all modern NIC's should.)
__________________
Network Firefighter
Reply With Quote
  #3   (View Single Post)  
Old 28th June 2008
Seb74 Seb74 is offline
Port Guard
 
Join Date: Jun 2008
Posts: 20
Thanked 0 Times in 0 Posts
Default

Yeah maybe its common for NIC's to support VLAN's, but I have one windows-machine at home that has no settings for VLAN's (which all other "windows-NIC's" do).

But as you said, and I already found out, its not very likely a NIC has to know anything about VLAN's just to belong to a VLAN, if I set the switch to strip the tags before sending them out that port.
Reply With Quote
  #4   (View Single Post)  
Old 28th June 2008
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

If your connection on the switchport to your server is set to 'access' already then that 'access' functionality already strips the VLAN tag- hence why your box doesn't need to have knowledge of the particular VLAN of which it's connecting switchport belongs. However, having the switchport set to 'access' also means that only one VLAN (aside from perhaps the management VLAN- of which functionality varies from switch to switch) will be able to be assigned to your switchport.

If the switchport (and OBSD NIC) are set to 'trunk' then the OBSD NIC will have to be configured to talk to each VLAN that the connecting switchport is assigned to. Any VLANS that it is not specifically configured to talk to in this instance will not be available to communicate with.
__________________
Network Firefighter

Last edited by ai-danno; 28th June 2008 at 02:06 PM.
Reply With Quote
  #5   (View Single Post)  
Old 28th June 2008
ai-danno's Avatar
ai-danno ai-danno is offline
Spam Deminer
 
Join Date: May 2008
Location: Boca Raton, Florida
Posts: 284
Thanked 35 Times in 31 Posts
Default

ps- you are posting networking questions all over the place. Perhaps it's better to place them in the new networking section outside of the OBSD section.
__________________
Network Firefighter
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
NetBSD on a laptop: trying to make it work Mr-Biscuit NetBSD Installation and Upgrading 1 1st June 2009 01:43 AM
Bonding and trunking mcormie OpenBSD General 0 25th March 2009 10:56 PM
Any chance to make work in FreeBSD ? giga FreeBSD General 2 30th January 2009 10:07 PM
New Kernel: "make depend" doesn't work nihonto NetBSD General 9 23rd January 2009 09:02 PM
firefox3 with mplayer-plugin? Any possibility to make them work together.? daemonFromHeaven FreeBSD Ports and Packages 4 16th September 2008 09:47 AM


All times are GMT. The time now is 08:28 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick